Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Security Monitoring posted in October 2015
Security Analytics Still Greenfield Opportunity
News  |  10/29/2015  | 
Surveys out this week show improvement in the use of analytics and threat intelligence but room for better execution.
Machine Learning Is Cybersecuritys Latest Pipe Dream
Commentary  |  10/29/2015  | 
Rather than waste money on the unproven promises of ML and AI, invest in your experts, and in tools that enhance their ability to search for and identify components of a new attack.
5 Things To Know About CISA
News  |  10/28/2015  | 
Despite criticism from privacy advocates, the Cybersecurity Information Sharing Act passed through the Senate yesterday.
New Approaches to Vendor Risk Management
Commentary  |  10/26/2015  | 
The key to managing partner security risk is having truly verifiable evidence.
Passing the Sniff Test: Security Metrics and Measures
Slideshows  |  10/23/2015  | 
Cigital dishes dirt on top security metrics that dont work well, why theyre ineffective and which measurable to consider instead.
An Atypical Approach To DNS
Commentary  |  10/15/2015  | 
Its now possible to architect network instrumentation to collect fewer data sources of higher value to security operations. Heres how -- and why -- you should care.
Intro To Machine Learning & Cybersecurity: 5 Key Steps
Commentary  |  10/7/2015  | 
Software-based machine learning attempts to emulate the same process that the brain uses. Heres how.
Dont Be Fooled: In Cybersecurity Big Data Is Not The Goal
Commentary  |  10/6/2015  | 
In other words, the skills to be a security expert do not translate to being able to understand and extract meaning from security data.
Automating Breach Detection For The Way Security Professionals Think
Commentary  |  10/1/2015  | 
The missing ingredient in making a real difference in the cumbersome process of evaluating a flood of alerts versus a small, actionable number is context.


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28973
PUBLISHED: 2021-04-13
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
CVE-2021-29997
PUBLISHED: 2021-04-13
XML External Entity Resolution (XXE) in Helix ALM. The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
CVE-2021-29998
PUBLISHED: 2021-04-13
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
CVE-2021-29999
PUBLISHED: 2021-04-13
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.
CVE-2021-21729
PUBLISHED: 2021-04-13
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1